use of org.apereo.cas.authentication.DefaultAuthenticationHandlerExecutionResult in project cas by apereo.
the class X509CredentialsAuthenticationHandlerTests method getTestParameters.
/**
* Gets the unit test parameters.
*
* @return Test parameter data.
*/
@Parameters
public static Collection<Object[]> getTestParameters() {
final Collection<Object[]> params = new ArrayList<>();
X509CredentialsAuthenticationHandler handler;
X509CertificateCredential credential;
// Test case #1: Unsupported credential type
handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"));
params.add(new Object[] { handler, new UsernamePasswordCredential(), false, null });
// Test case #2:Valid certificate
handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"));
credential = new X509CertificateCredential(createCertificates(USER_VALID_CRT));
params.add(new Object[] { handler, credential, true, new DefaultAuthenticationHandlerExecutionResult(handler, credential, new DefaultPrincipalFactory().createPrincipal(credential.getId())) });
// Test case #3: Expired certificate
handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"));
params.add(new Object[] { handler, new X509CertificateCredential(createCertificates("user-expired.crt")), true, new CertificateExpiredException() });
// Test case #4: Untrusted issuer
handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern("CN=\\w+,OU=CAS,O=Jasig,L=Westminster,ST=Colorado,C=US"), true, false, false);
params.add(new Object[] { handler, new X509CertificateCredential(createCertificates("snake-oil.crt")), true, new FailedLoginException() });
// Test case #5: Disallowed subject
handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"), true, RegexUtils.createPattern("CN=\\w+,OU=CAS,O=Jasig,L=Westminster,ST=Colorado,C=US"));
params.add(new Object[] { handler, new X509CertificateCredential(createCertificates("snake-oil.crt")), true, new FailedLoginException() });
// Test case #6: Check key usage on a cert without keyUsage extension
handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"), false, true, false);
credential = new X509CertificateCredential(createCertificates(USER_VALID_CRT));
params.add(new Object[] { handler, credential, true, new DefaultAuthenticationHandlerExecutionResult(handler, credential, new DefaultPrincipalFactory().createPrincipal(credential.getId())) });
// Test case #7: Require key usage on a cert without keyUsage extension
handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"), false, true, true);
params.add(new Object[] { handler, new X509CertificateCredential(createCertificates(USER_VALID_CRT)), true, new FailedLoginException() });
// Test case #8: Require key usage on a cert with acceptable keyUsage extension values
handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"), false, true, true);
credential = new X509CertificateCredential(createCertificates("user-valid-keyUsage.crt"));
params.add(new Object[] { handler, credential, true, new DefaultAuthenticationHandlerExecutionResult(handler, credential, new DefaultPrincipalFactory().createPrincipal(credential.getId())) });
// Test case #9: Require key usage on a cert with unacceptable keyUsage extension values
handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"), false, true, true);
params.add(new Object[] { handler, new X509CertificateCredential(createCertificates("user-invalid-keyUsage.crt")), true, new FailedLoginException() });
// ===================================
// Revocation tests
// ===================================
ResourceCRLRevocationChecker checker;
// Test case #10: Valid certificate with CRL checking
checker = new ResourceCRLRevocationChecker(new ClassPathResource("userCA-valid.crl"));
checker.init();
handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"), checker);
credential = new X509CertificateCredential(createCertificates(USER_VALID_CRT));
params.add(new Object[] { handler, new X509CertificateCredential(createCertificates(USER_VALID_CRT)), true, new DefaultAuthenticationHandlerExecutionResult(handler, credential, new DefaultPrincipalFactory().createPrincipal(credential.getId())) });
// Test case #11: Revoked end user certificate
checker = new ResourceCRLRevocationChecker(new ClassPathResource("userCA-valid.crl"));
checker.init();
handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"), checker);
params.add(new Object[] { handler, new X509CertificateCredential(createCertificates("user-revoked.crt")), true, new RevokedCertificateException(ZonedDateTime.now(ZoneOffset.UTC), null) });
// Test case #12: Valid certificate on expired CRL data
final ThresholdExpiredCRLRevocationPolicy zeroThresholdPolicy = new ThresholdExpiredCRLRevocationPolicy(0);
checker = new ResourceCRLRevocationChecker(new ClassPathResource("userCA-expired.crl"), null, zeroThresholdPolicy);
checker.init();
handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"), checker);
params.add(new Object[] { handler, new X509CertificateCredential(createCertificates(USER_VALID_CRT)), true, new ExpiredCRLException(null, ZonedDateTime.now(ZoneOffset.UTC)) });
return params;
}
use of org.apereo.cas.authentication.DefaultAuthenticationHandlerExecutionResult in project cas by apereo.
the class HttpBasedServiceCredentialsAuthenticationHandler method authenticate.
@Override
public AuthenticationHandlerExecutionResult authenticate(final Credential credential) throws GeneralSecurityException {
final HttpBasedServiceCredential httpCredential = (HttpBasedServiceCredential) credential;
if (!httpCredential.getService().getProxyPolicy().isAllowedProxyCallbackUrl(httpCredential.getCallbackUrl())) {
LOGGER.warn("Proxy policy for service [{}] cannot authorize the requested callback url [{}].", httpCredential.getService().getServiceId(), httpCredential.getCallbackUrl());
throw new FailedLoginException(httpCredential.getCallbackUrl() + " cannot be authorized");
}
LOGGER.debug("Attempting to authenticate [{}]", httpCredential);
final URL callbackUrl = httpCredential.getCallbackUrl();
if (!this.httpClient.isValidEndPoint(callbackUrl)) {
throw new FailedLoginException(callbackUrl.toExternalForm() + " sent an unacceptable response status code");
}
return new DefaultAuthenticationHandlerExecutionResult(this, httpCredential, this.principalFactory.createPrincipal(httpCredential.getId()));
}
use of org.apereo.cas.authentication.DefaultAuthenticationHandlerExecutionResult in project cas by apereo.
the class SimpleTestUsernamePasswordAuthenticationHandler method authenticateUsernamePasswordInternal.
@Override
protected AuthenticationHandlerExecutionResult authenticateUsernamePasswordInternal(final UsernamePasswordCredential credential, final String originalPassword) throws GeneralSecurityException, PreventedException {
final String username = credential.getUsername();
final String password = credential.getPassword();
final Exception exception = this.usernameErrorMap.get(username);
if (exception instanceof GeneralSecurityException) {
throw (GeneralSecurityException) exception;
}
if (exception instanceof PreventedException) {
throw (PreventedException) exception;
}
if (exception instanceof RuntimeException) {
throw (RuntimeException) exception;
}
if (exception != null) {
LOGGER.debug("Cannot throw checked exception [{}] since it is not declared by method signature.", exception.getClass().getName(), exception);
}
if (StringUtils.hasText(username) && StringUtils.hasText(password) && username.equals(password)) {
LOGGER.debug("User [{}] was successfully authenticated.", username);
return new DefaultAuthenticationHandlerExecutionResult(this, new BasicCredentialMetaData(credential), this.principalFactory.createPrincipal(username));
}
LOGGER.debug("User [{}] failed authentication", username);
throw new FailedLoginException();
}
use of org.apereo.cas.authentication.DefaultAuthenticationHandlerExecutionResult in project cas by apereo.
the class TestOneTimePasswordAuthenticationHandler method authenticate.
@Override
public AuthenticationHandlerExecutionResult authenticate(final Credential credential) throws GeneralSecurityException {
final OneTimePasswordCredential otp = (OneTimePasswordCredential) credential;
final String valueOnRecord = credentialMap.get(otp.getId());
if (otp.getPassword().equals(valueOnRecord)) {
return new DefaultAuthenticationHandlerExecutionResult(this, new BasicCredentialMetaData(otp), new DefaultPrincipalFactory().createPrincipal(otp.getId()));
}
throw new FailedLoginException();
}
use of org.apereo.cas.authentication.DefaultAuthenticationHandlerExecutionResult in project cas by apereo.
the class CentralAuthenticationServiceImplWithMockitoTests method prepareNewCAS.
@Before
public void prepareNewCAS() {
this.authentication = mock(Authentication.class);
when(this.authentication.getAuthenticationDate()).thenReturn(ZonedDateTime.now(ZoneOffset.UTC));
final CredentialMetaData metadata = new BasicCredentialMetaData(RegisteredServiceTestUtils.getCredentialsWithSameUsernameAndPassword("principal"));
final Map<String, AuthenticationHandlerExecutionResult> successes = new HashMap<>();
successes.put("handler1", new DefaultAuthenticationHandlerExecutionResult(mock(AuthenticationHandler.class), metadata));
when(this.authentication.getCredentials()).thenReturn(Arrays.asList(metadata));
when(this.authentication.getSuccesses()).thenReturn(successes);
when(this.authentication.getPrincipal()).thenReturn(new DefaultPrincipalFactory().createPrincipal(PRINCIPAL));
final Service service1 = getService(SVC1_ID);
final ServiceTicket stMock = createMockServiceTicket(ST_ID, service1);
final TicketGrantingTicket tgtRootMock = createRootTicketGrantingTicket();
final TicketGrantingTicket tgtMock = createMockTicketGrantingTicket(TGT_ID, stMock, false, tgtRootMock, new ArrayList<>());
when(tgtMock.getProxiedBy()).thenReturn(getService("proxiedBy"));
final List<Authentication> authnListMock = mock(List.class);
// Size is required to be 2, so that we can simulate proxying capabilities
when(authnListMock.size()).thenReturn(2);
when(authnListMock.toArray()).thenReturn(new Object[] { this.authentication, this.authentication });
when(authnListMock.get(anyInt())).thenReturn(this.authentication);
when(tgtMock.getChainedAuthentications()).thenReturn(authnListMock);
when(stMock.getTicketGrantingTicket()).thenReturn(tgtMock);
final Service service2 = getService(SVC2_ID);
final ServiceTicket stMock2 = createMockServiceTicket(ST2_ID, service2);
final TicketGrantingTicket tgtMock2 = createMockTicketGrantingTicket(TGT2_ID, stMock2, false, tgtRootMock, authnListMock);
mockTicketRegistry(stMock, tgtMock, stMock2, tgtMock2);
final ServicesManager smMock = getServicesManager(service1, service2);
final TicketFactory factory = getTicketFactory();
final AuthenticationServiceSelectionPlan authenticationRequestServiceSelectionStrategies = new DefaultAuthenticationServiceSelectionPlan(new DefaultAuthenticationServiceSelectionStrategy());
final AuditableExecution enforcer = mock(AuditableExecution.class);
when(enforcer.execute(any())).thenReturn(new AuditableExecutionResult());
this.cas = new DefaultCentralAuthenticationService(mock(ApplicationEventPublisher.class), ticketRegMock, smMock, mock(LogoutManager.class), factory, authenticationRequestServiceSelectionStrategies, new AcceptAnyAuthenticationPolicyFactory(), new DefaultPrincipalFactory(), null, enforcer);
this.cas.setApplicationEventPublisher(mock(ApplicationEventPublisher.class));
}
Aggregations